From 21ff524c690585048fce83e8e6236c1138d5d373 Mon Sep 17 00:00:00 2001
From: Ze-Zheng Wu <zezhengwu@proton.me>
Date: Mon, 7 Oct 2024 12:57:15 +0800
Subject: [PATCH] fix: DOM Clobbering CVE, similar to CVE-2024-47068

---
 src/shell.js                |   4 ++--
 src/shell_minimal.js        |   2 +-
 test/other/test_emsize.js   |  28 +++++++++++-----------------
 test/other/test_emsize.out  |  22 ++++++++++++----------
 test/other/test_emsize.wasm | Bin 1781 -> 1286 bytes
 tools/link.py               |   2 +-
 6 files changed, 27 insertions(+), 31 deletions(-)
 mode change 100644 => 100755 test/other/test_emsize.wasm

diff --git a/src/shell.js b/src/shell.js
index b8c9f71854d2b..f760f752f9e50 100644
--- a/src/shell.js
+++ b/src/shell.js
@@ -175,7 +175,7 @@ var quit_ = (status, toThrow) => {
 #if SHARED_MEMORY && !MODULARIZE
 // In MODULARIZE mode _scriptName needs to be captured already at the very top of the page immediately when the page is parsed, so it is generated there
 // before the page load. In non-MODULARIZE modes generate it here.
-var _scriptName = (typeof document != 'undefined') ? document.currentScript?.src : undefined;
+var _scriptName = (typeof document != 'undefined' && document.currentScript?.tagName.toUpperCase() === 'SCRIPT') ? document.currentScript.src : undefined;
 
 #if ENVIRONMENT_MAY_BE_NODE
 if (ENVIRONMENT_IS_NODE) {
@@ -375,7 +375,7 @@ if (ENVIRONMENT_IS_SHELL) {
 if (ENVIRONMENT_IS_WEB || ENVIRONMENT_IS_WORKER) {
   if (ENVIRONMENT_IS_WORKER) { // Check worker, not web, since window could be polyfilled
     scriptDirectory = self.location.href;
-  } else if (typeof document != 'undefined' && document.currentScript) { // web
+  } else if (typeof document != 'undefined' && document.currentScript?.tagName.toUpperCase() === 'SCRIPT') { // web
     scriptDirectory = document.currentScript.src;
   }
 #if MODULARIZE
diff --git a/src/shell_minimal.js b/src/shell_minimal.js
index 7567843242bf3..77225accec0a1 100644
--- a/src/shell_minimal.js
+++ b/src/shell_minimal.js
@@ -143,7 +143,7 @@ var ENVIRONMENT_IS_PTHREAD = ENVIRONMENT_IS_WORKER && self.name == 'em-pthread';
 #if !MODULARIZE
 // In MODULARIZE mode _scriptName needs to be captured already at the very top of the page immediately when the page is parsed, so it is generated there
 // before the page load. In non-MODULARIZE modes generate it here.
-var _scriptName = (typeof document != 'undefined') ? document.currentScript?.src : undefined;
+var _scriptName = (typeof document != 'undefined' && document.currentScript?.tagName.toUpperCase() === 'SCRIPT') ? document.currentScript.src : undefined;
 #endif
 
 #if ENVIRONMENT_MAY_BE_NODE
diff --git a/test/other/test_emsize.js b/test/other/test_emsize.js
index 1b75ca386bcac..6cd4983135594 100644
--- a/test/other/test_emsize.js
+++ b/test/other/test_emsize.js
@@ -1,17 +1,11 @@
-
-var a;a||(a=typeof Module !== 'undefined' ? Module : {});var k={},m;for(m in a)a.hasOwnProperty(m)&&(k[m]=a[m]);function p(b,c){throw c;}var q=!1,r=!1,t=!1,u=!1;q="object"===typeof window;r="function"===typeof importScripts;t="object"===typeof process&&"object"===typeof process.versions&&"string"===typeof process.versions.node;u=!q&&!t&&!r;var w="",y,z,A,B;
-if(t)w=r?require("path").dirname(w)+"/":__dirname+"/",y=function(b,c){A||(A=require("fs"));B||(B=require("path"));b=B.normalize(b);return A.readFileSync(b,c?null:"utf8")},z=function(b){b=y(b,!0);b.buffer||(b=new Uint8Array(b));b.buffer||C("Assertion failed: undefined");return b},1<process.argv.length&&process.argv[1].replace(/\\/g,"/"),process.argv.slice(2),"undefined"!==typeof module&&(module.exports=a),process.on("uncaughtException",function(b){if(!(b instanceof D))throw b;}),process.on("unhandledRejection",
-C),p=function(b){process.exit(b)},a.inspect=function(){return"[Emscripten Module object]"};else if(u)"undefined"!=typeof read&&(y=function(b){return read(b)}),z=function(b){if("function"===typeof readbuffer)return new Uint8Array(readbuffer(b));b=read(b,"binary");"object"===typeof b||C("Assertion failed: undefined");return b},"function"===typeof quit&&(p=function(b){quit(b)}),"undefined"!==typeof print&&("undefined"===typeof console&&(console={}),console.log=print,console.warn=console.error="undefined"!==
-typeof printErr?printErr:print);else if(q||r)r?w=self.location.href:document.currentScript&&(w=document.currentScript.src),w=0!==w.indexOf("blob:")?w.substr(0,w.lastIndexOf("/")+1):"",y=function(b){var c=new XMLHttpRequest;c.open("GET",b,!1);c.send(null);return c.responseText},r&&(z=function(b){var c=new XMLHttpRequest;c.open("GET",b,!1);c.responseType="arraybuffer";c.send(null);return new Uint8Array(c.response)});var aa=a.print||console.log.bind(console),F=a.printErr||console.warn.bind(console);
-for(m in k)k.hasOwnProperty(m)&&(a[m]=k[m]);k=null;a.quit&&(p=a.quit);var G;a.wasmBinary&&(G=a.wasmBinary);var noExitRuntime;a.noExitRuntime&&(noExitRuntime=a.noExitRuntime);"object"!==typeof WebAssembly&&C("no native wasm support detected");var H,I=new WebAssembly.Table({initial:4,maximum:4,element:"anyfunc"}),J=!1,ba="undefined"!==typeof TextDecoder?new TextDecoder("utf8"):void 0,K,L,M,N=a.INITIAL_MEMORY||16777216;a.wasmMemory?H=a.wasmMemory:H=new WebAssembly.Memory({initial:N/65536,maximum:N/65536});
-H&&(K=H.buffer);N=K.byteLength;var O=K;K=O;a.HEAP8=new Int8Array(O);a.HEAP16=new Int16Array(O);a.HEAP32=M=new Int32Array(O);a.HEAPU8=L=new Uint8Array(O);a.HEAPU16=new Uint16Array(O);a.HEAPU32=new Uint32Array(O);a.HEAPF32=new Float32Array(O);a.HEAPF64=new Float64Array(O);var ca=[],da=[],ea=[],fa=[];function ha(){var b=a.preRun.shift();ca.unshift(b)}var P=0,Q=null,R=null;a.preloadedImages={};a.preloadedAudios={};
-function C(b){if(a.onAbort)a.onAbort(b);F(b);J=!0;throw new WebAssembly.RuntimeError("abort("+b+"). Build with -s ASSERTIONS=1 for more info.");}function S(b){var c=T;return String.prototype.startsWith?c.startsWith(b):0===c.indexOf(b)}function ia(){return S("data:application/octet-stream;base64,")}var T="test_emsize.wasm";if(!ia()){var la=T;T=a.locateFile?a.locateFile(la,w):w+la}
-function ma(){try{if(G)return new Uint8Array(G);if(z)return z(T);throw"both async and sync fetching of the wasm failed";}catch(b){C(b)}}function na(){return G||!q&&!r||"function"!==typeof fetch||S("file://")?Promise.resolve().then(ma):fetch(T,{credentials:"same-origin"}).then(function(b){if(!b.ok)throw"failed to load wasm binary file at '"+T+"'";return b.arrayBuffer()}).catch(function(){return ma()})}
-function U(b){for(;0<b.length;){var c=b.shift();if("function"==typeof c)c(a);else{var d=c.h;"number"===typeof d?void 0===c.g?I.get(d)():I.get(d)(c.g):d(void 0===c.g?null:c.g)}}}var oa=[null,[],[]];da.push({h:function(){pa()}});
-var qa={b:I,d:function(b,c,d){L.copyWithin(b,c,c+d)},c:function(b,c,d,e){for(var f=0,h=0;h<d;h++){for(var ra=M[c+8*h>>2],ja=M[c+(8*h+4)>>2],V=0;V<ja;V++){var E=L[ra+V],W=oa[b];if(0===E||10===E){E=1===b?aa:F;var l=W;for(var n=0,v=n+NaN,x=n;l[x]&&!(x>=v);)++x;if(16<x-n&&l.subarray&&ba)l=ba.decode(l.subarray(n,x));else{for(v="";n<x;){var g=l[n++];if(g&128){var X=l[n++]&63;if(192==(g&224))v+=String.fromCharCode((g&31)<<6|X);else{var ka=l[n++]&63;g=224==(g&240)?(g&15)<<12|X<<6|ka:(g&7)<<18|X<<12|ka<<6|
-l[n++]&63;65536>g?v+=String.fromCharCode(g):(g-=65536,v+=String.fromCharCode(55296|g>>10,56320|g&1023))}}else v+=String.fromCharCode(g)}l=v}E(l);W.length=0}else W.push(E)}f+=ja}M[e>>2]=f;return 0},a:H};
-(function(){function b(f){console.log("receiveInstance");a.asm=f.exports;P--;a.monitorRunDependencies&&a.monitorRunDependencies(P);0==P&&(null!==Q&&(clearInterval(Q),Q=null),R&&(f=R,R=null,f()))}function c(f){b(f.instance)}function d(f){return na().then(function(h){return WebAssembly.instantiate(h,e)}).then(f,function(h){F("failed to asynchronously prepare wasm: "+h);C(h)})}var e={a:qa};P++;a.monitorRunDependencies&&a.monitorRunDependencies(P);if(a.instantiateWasm)try{return a.instantiateWasm(e,b)}catch(f){return F("Module.instantiateWasm callback failed with error: "+
-f),!1}(function(){if(G||"function"!==typeof WebAssembly.instantiateStreaming||ia()||S("file://")||"function"!==typeof fetch)return d(c);fetch(T,{credentials:"same-origin"}).then(function(f){return WebAssembly.instantiateStreaming(f,e).then(c,function(h){F("wasm streaming compile failed: "+h);F("falling back to ArrayBuffer instantiation");return d(c)})})})();return{}})();var pa=a.___wasm_call_ctors=function(){return(pa=a.___wasm_call_ctors=a.asm.e).apply(null,arguments)};
-a._main=function(){return(a._main=a.asm.f).apply(null,arguments)};a.___heap_base=5245632;var Y;function D(b){this.name="ExitStatus";this.message="Program terminated with exit("+b+")";this.status=b}R=function sa(){Y||Z();Y||(R=sa)};
-function Z(){function b(){if(!Y&&(Y=!0,a.calledRun=!0,!J)){U(da);U(ea);if(a.onRuntimeInitialized)a.onRuntimeInitialized();if(ta){var c=a._main;try{var d=c(0,0);if(!noExitRuntime||0!==d){if(!noExitRuntime){if(a.onExit)a.onExit(d);J=!0}p(d,new D(d))}}catch(e){e instanceof D||("unwind"==e?noExitRuntime=!0:((c=e)&&"object"===typeof e&&e.stack&&(c=[e,e.stack]),F("exception thrown: "+c),p(1,e)))}finally{}}if(a.postRun)for("function"==typeof a.postRun&&(a.postRun=[a.postRun]);a.postRun.length;)c=a.postRun.shift(),
-fa.unshift(c);U(fa)}}if(!(0<P)){if(a.preRun)for("function"==typeof a.preRun&&(a.preRun=[a.preRun]);a.preRun.length;)ha();U(ca);0<P||(a.setStatus?(a.setStatus("Running..."),setTimeout(function(){setTimeout(function(){a.setStatus("")},1);b()},1)):b())}}a.run=Z;if(a.preInit)for("function"==typeof a.preInit&&(a.preInit=[a.preInit]);0<a.preInit.length;)a.preInit.pop()();var ta=!0;a.noInitialRun&&(ta=!1);noExitRuntime=!0;Z();
+var c;c||=typeof Module != 'undefined' ? Module : {};var aa="object"==typeof window,h="function"==typeof importScripts,l="object"==typeof process&&"object"==typeof process.versions&&"string"==typeof process.versions.node&&"renderer"!=process.type,p=Object.assign({},c),r=(a,b)=>{throw b;},t="",u,v;
+if(l){var fs=require("fs"),w=require("path");t=__dirname+"/";v=a=>{a=x(a)?new URL(a):w.normalize(a);return fs.readFileSync(a)};u=a=>{a=x(a)?new URL(a):w.normalize(a);return new Promise((b,d)=>{fs.readFile(a,void 0,(e,n)=>{e?d(e):b(n.buffer)})})};process.argv.slice(2);"undefined"!=typeof module&&(module.exports=c);r=(a,b)=>{process.exitCode=a;throw b;}}else if(aa||h)h?t=self.location.href:"undefined"!=typeof document&&document.currentScript&&(t=document.currentScript.src),t=t.startsWith("blob:")?"":
+t.substr(0,t.replace(/[?#].*/,"").lastIndexOf("/")+1),h&&(v=a=>{var b=new XMLHttpRequest;b.open("GET",a,!1);b.responseType="arraybuffer";b.send(null);return new Uint8Array(b.response)}),u=a=>x(a)?new Promise((b,d)=>{var e=new XMLHttpRequest;e.open("GET",a,!0);e.responseType="arraybuffer";e.onload=()=>{200==e.status||0==e.status&&e.response?b(e.response):d(e.status)};e.onerror=d;e.send(null)}):fetch(a,{credentials:"same-origin"}).then(b=>b.ok?b.arrayBuffer():Promise.reject(Error(b.status+" : "+b.url)));
+var ba=c.print||console.log.bind(console),y=c.printErr||console.error.bind(console);Object.assign(c,p);p=null;var z=c.wasmBinary,A,B=!1,C,D,E=[],F=[],ca=[],J=[];function da(){var a=c.preRun;a&&("function"==typeof a&&(a=[a]),a.forEach(ea));K(E)}function ea(a){E.unshift(a)}function fa(a){J.unshift(a)}var L=0,M=null,N=null,O=a=>a.startsWith("data:application/octet-stream;base64,"),x=a=>a.startsWith("file://"),P;
+function Q(a){if(a==P&&z)return new Uint8Array(z);if(v)return v(a);throw"both async and sync fetching of the wasm failed";}function ha(a){return z?Promise.resolve().then(()=>Q(a)):u(a).then(b=>new Uint8Array(b),()=>Q(a))}function R(a,b,d){return ha(a).then(e=>WebAssembly.instantiate(e,b)).then(d,e=>{y(`failed to asynchronously prepare wasm: ${e}`);c.onAbort?.(e);e="Aborted("+e+")";y(e);B=!0;throw new WebAssembly.RuntimeError(e+". Build with -sASSERTIONS for more info.");})}
+function ia(a,b){var d=P;z||"function"!=typeof WebAssembly.instantiateStreaming||O(d)||x(d)||l||"function"!=typeof fetch?R(d,a,b):fetch(d,{credentials:"same-origin"}).then(e=>WebAssembly.instantiateStreaming(e,a).then(b,function(n){y(`wasm streaming compile failed: ${n}`);y("falling back to ArrayBuffer instantiation");return R(d,a,b)}))}function S(a){this.name="ExitStatus";this.message=`Program terminated with exit(${a})`;this.status=a}
+var K=a=>{a.forEach(b=>b(c))},ja=c.noExitRuntime||!0,ka=[null,[],[]],T="undefined"!=typeof TextDecoder?new TextDecoder:void 0,la={a:(a,b,d,e)=>{for(var n=0,W=0;W<d;W++){var oa=D[b>>2],X=D[b+4>>2];b+=8;for(var G=0;G<X;G++){var f=C[oa+G],H=ka[a];if(0===f||10===f){f=H;for(var k=0,m=k+NaN,q=k;f[q]&&!(q>=m);)++q;if(16<q-k&&f.buffer&&T)f=T.decode(f.subarray(k,q));else{for(m="";k<q;){var g=f[k++];if(g&128){var I=f[k++]&63;if(192==(g&224))m+=String.fromCharCode((g&31)<<6|I);else{var Y=f[k++]&63;g=224==(g&
+240)?(g&15)<<12|I<<6|Y:(g&7)<<18|I<<12|Y<<6|f[k++]&63;65536>g?m+=String.fromCharCode(g):(g-=65536,m+=String.fromCharCode(55296|g>>10,56320|g&1023))}}else m+=String.fromCharCode(g)}f=m}(1===a?ba:y)(f);H.length=0}else H.push(f)}n+=X}D[e>>2]=n;return 0}},U=function(){function a(d){U=d.exports;A=U.b;d=A.buffer;c.HEAP8=new Int8Array(d);c.HEAP16=new Int16Array(d);c.HEAPU8=C=new Uint8Array(d);c.HEAPU16=new Uint16Array(d);c.HEAP32=new Int32Array(d);c.HEAPU32=D=new Uint32Array(d);c.HEAPF32=new Float32Array(d);
+c.HEAPF64=new Float64Array(d);F.unshift(U.c);L--;c.monitorRunDependencies?.(L);0==L&&(null!==M&&(clearInterval(M),M=null),N&&(d=N,N=null,d()));return U}var b={a:la};L++;c.monitorRunDependencies?.(L);if(c.instantiateWasm)try{return c.instantiateWasm(b,a)}catch(d){return y(`Module.instantiateWasm callback failed with error: ${d}`),!1}P??=O("test_emsize.wasm")?"test_emsize.wasm":c.locateFile?c.locateFile("test_emsize.wasm",t):t+"test_emsize.wasm";ia(b,function(d){a(d.instance)});return{}}(),V=c._main=
+(a,b)=>(V=c._main=U.d)(a,b),Z,ma;N=function na(){Z||pa();Z||(N=na)};function pa(){function a(){if(!Z&&(Z=1,c.calledRun=1,!B)){K(F);K(ca);c.onRuntimeInitialized?.();if(qa){var b=V;try{var d=b(0,0);ja||(c.onExit?.(d),B=!0);r(d,new S(d))}catch(e){e instanceof S||"unwind"==e||r(1,e)}}if(b=c.postRun)"function"==typeof b&&(b=[b]),b.forEach(fa);K(J)}}if(!(0<L)){if(!ma&&(ma=1,da(),0<L))return;c.setStatus?(c.setStatus("Running..."),setTimeout(()=>{setTimeout(()=>c.setStatus(""),1);a()},1)):a()}}
+if(c.preInit)for("function"==typeof c.preInit&&(c.preInit=[c.preInit]);0<c.preInit.length;)c.preInit.pop()();var qa=!0;c.noInitialRun&&(qa=!1);pa();
diff --git a/test/other/test_emsize.out b/test/other/test_emsize.out
index ef0fd233c3a7e..922f2d4c9d7f0 100644
--- a/test/other/test_emsize.out
+++ b/test/other/test_emsize.out
@@ -1,11 +1,13 @@
 section      size   addr
-TYPE           51     10
-IMPORT         31     63
-FUNCTION       14     96
-GLOBAL          9    112
-EXPORT          9    123
-ELEM            9    134
-CODE         1556    146
-DATA           77   1704
-JS		6756	0
-Total		8512
+TYPE           41     10
+IMPORT          7     53
+FUNCTION        9     62
+TABLE           5     73
+MEMORY          6     80
+GLOBAL          8     88
+EXPORT         17     98
+ELEM            9    117
+CODE         1083    129
+DATA           72   1214
+JS		4799	0
+Total		6056
diff --git a/test/other/test_emsize.wasm b/test/other/test_emsize.wasm
old mode 100644
new mode 100755
index 0f71db54e3360e2b1479ef95968610adad0a9a2d..7a65eee4bad4648ede2f12cbcbe23f0958e8dcc4
GIT binary patch
literal 1286
zcmZ8hv2N5r5S^J_+k4qFaU_sXNU>fh4hbZxLqZg{NFj;%i3Ea#>>x-$f(nO-4+s(^
z1w{%93JN+X_y8&@3JQ7}{s7+CM^HH3?bvU3-^{$3Iof)3pNWVs7MrH)I_@@E7mH`L
zM4JR-x@R3f+Z4s5VBX>_5;Jm!*=9^RmWOO@mNOs7f#eP(>HSOVizUmqh4>CJZ<FJ@
zOrsG~VsG*yTlnalkUv9#R_!d&qEBy^0!@Wd=YN5_lUaJ>CPER<fwRh%JODl&^|-Ww
zHgNaQrF|DDeNc3XKqWJofj9k7B+>d_2{$#HSzsJ(qDkCdCQ1uyRv~U9mpm5l=UjZu
z6(#USDS-mFH4Tny8M6mZZ4yX*plIz3+!72(uMq`F+|+ngV}ex&wj|IWxq%{3gG`kb
z=X?-<hq+7N9KM<{L_%(RD#qa)aJzk`NHg?!2f<#s8*~+C-nsN?IHos_poQ8us>x@?
z)mI{K>4q+N`YK#>=Rws*bAf^hG?A5Pr&8(D={f@>Q(1xGshow$f`v#^IUP7iqX$ye
z)SRR)1eF>DpU8Ensd<l^iYifYYYVX;4sJ|j9P^tHGe=40d)9+64?GbY-K{uE=5Z4(
z5SJ*7&b846JI?^r<75Fgk@W%v*CH`6=Pd$4;Mar2RuM*RERKU%RpCRHy0ubkrROeb
zCM&AGCIqA46{u7NEiGh&fY^t+28!q|wCZK2P$aoo(lV-zz-;T`C^Q$y{}e6Zch!3t
za&&_%Xp>0E>>`RpctL}#ma+^%P~&F41^>Vi=O7h2KG_D{wtw)#^_fPry6mO>=LavI
z?hXbqsH_YM^w2Sb2EXrG9}%_8!x_}3%JjKa#z*cm&`j4#lG%Jt7Jv@z3DSP_2A~gB
zmBzrJyTO9isoF?rogP}$^8Y`qa&lPJ<w-v}c>NUcUs^Of2p605Z~hV^LX~H6SyQW2
zX*953&oxh9-n+ZA^Wai=@?dXg8;Tt|&l#oHFsy$F{*(}r!SAibg697+Y<+h=`;E`S
EAMM<@G5`Po

literal 1781
zcmaJ?&2Ah;5U#53*`3|q@lMbpS&k)o1|KZpNR|=}k>$fSlI=Kl@R^$pNrYyM!rDmT
zfIJK00XTrf1MmPm075?U09-ip7zn~w-A?$Cz>>$+)zx2Def?FL&MrS<BI3KFQ`7f7
z_ou8Mi6#+N6gTLU;I;_SZPQ=%d?jyKKI0E)i0@-yobj3PQkDYieg2rNSt*1$%b5no
zikQI&;Nkk4YjMMo@Dp0$r&NqaOo5#l=7aIqlj295=)*Fvtjs-cN?D8Ty=0zCQ*iV+
z{m$yF^K@ttglJFd+qgwEb$V`#jsiU>$Wvv^+?!hVa9Bd$)&}A29ilKkC<st`T3(*6
zjhDk1iJ-~?R=O%;&#KHzHE=%jaF@s@X5p!AWQMpwTN&q#dyl!tlJ3yMnsJ}!iyeCC
zX;TR6e1U|47yLyd6#A+2^bWl(dJ{snYHnm*0}?2!a~n65f!yl|*|YP262tc+PZ7ZV
zVOYRVSlW{W?WN>3#r1-eBwlwJ%mPQTkiZW#u968OCi!12D*;&`1N7{Wrpaxkv~gRD
zHz$!8vjA;MvI(CpY6{nM2%ZI4^R~7}1tkd7iv$z1wn2fB<Ghg@wkM5DlCMO0$(m`^
zF>bYy)nu(JA<^d>@yXg~WFuLdjcg`stC6i_Z8x%=tb2{zOV<5H?k8)vkzEuv?_y!|
z4u#oAS`oGh75*c84mJ^Bl>jZ&DQzZL72XYr-~ojvExzRSUqnVqd56HIk}EqT$uc`+
zkj>w3d6kX99sl<nDqrU;^n(xd@r&@Vf0KgmYO_J!sCL$Ca9^sW`h~caP28yT8kKUV
zikm^q5Q_~`4N+W)nxz+&3l8o^Pr&<!Nn28BAta<_z1fsWo$VLmv(O(GKm{PW(AN1;
zJqYHLwjRNg2Q<g+uFm}knt+y7SCe4j)Btt*yi>RJS*JaxccN9$I*6&+5B;F4HL;uf
z<7=7FtAcFk4+>SX9{cb1@i%gZCedE#I0I7j2<VEPNPZY(zo0dJ7u3)>WMYDE!K8Jk
zY~oB}6wc6md@ns+W29W7L0<g++w*o2mY;v|<)@21B&a^to<m<O^KR;J5;K7-Z4|T<
zSLh9m)A`f6ryx9hl`A4(j|07H`@k7qbxr1>4^)mo1eFud2e;#7lZbZ|#z<NVndv^p
z<%uqV%5g4n7^9J6tCtYV73zROO1wJiiknjfieok=8;7i}E72a0z>rNu)uEcM12YNV
z{Dlv=X&Yh^I)?*8pDOn0nig4tNcR?DRDs=N=p_xSGQA6iyErXiU)>m9>;_bhQNAH|
z?$JO=bgzB*<ox{EmVf^2;{0(%M61yKx4Gkt!gu(C|06%-Zbh(T@cWa+2N6G~tzUDO
IjbGsBPx`vxZ2$lO

diff --git a/tools/link.py b/tools/link.py
index b7cb3c77ddccb..f869ea9912f49 100644
--- a/tools/link.py
+++ b/tools/link.py
@@ -2414,7 +2414,7 @@ def modularize():
     if settings.EXPORT_ES6 and settings.USE_ES6_IMPORT_META:
       script_url = 'import.meta.url'
     else:
-      script_url = "typeof document != 'undefined' ? document.currentScript?.src : undefined"
+      script_url = "(typeof document != 'undefined' && document.currentScript?.tagName.toUpperCase() === 'SCRIPT') ? document.currentScript.src : undefined"
       if shared.target_environment_may_be('node'):
         script_url_node = "if (typeof __filename != 'undefined') _scriptName = _scriptName || __filename;"
     src = '''%(node_imports)s